Skills
skills/dimitrigilbert/parsearger/parsearger-utils/Gen Agent Trust Hub

parsearger-utils

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The completely feature includes a --completely-cmd option. This parameter allows the execution of an arbitrary command string provided by the user or an agent. An attacker could exploit this to run malicious shell commands in the host environment.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its documentation feature.
  • Ingestion points: The document command reads the content of scripts and files within user-specified directories.
  • Boundary markers: None are specified to separate external file content from agent instructions.
  • Capability inventory: File system read/write and subprocess execution of the parseArger binary.
  • Sanitization: No sanitization of the input file content is mentioned before it is processed or output.
  • DATA_EXFILTRATION (LOW): The bulk-parse and document functions can be directed to scan entire directories. If an agent is instructed to run these tools on sensitive paths (e.g., config directories or home folders), it could result in the exposure of sensitive file contents through the generated output.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:14 PM